Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

VNC thru VPN into DMZ

Status
Not open for further replies.
themikehyde

themikehyde

IS-IT--Management
Feb 20, 2003
61
0
0
US
Hi,
I have my VPN working and can map drives on the inside hosts. I need to VNC into my web servers that are in the DMZ. I can do this while directly connect to the inside, but what do I ned to add to allow this via VPN?
Thanks
 
Sort by date Sort by votes
It all depends on your configuration. If you could post a brief outline of your config it would help.

It could be as simple as the access-lists and what traffic you let through the VPN tunnel, but a config snapshot would make it easier.
 
Upvote 0 Downvote
Create a pool and use a block of the DMZ addresses. Create a vpn group and have it assign an ip address from the pool.

 
Upvote 0 Downvote
HI.

Add configuration commands similar to those used for the inside network and vpn:
* Add a nat 0 statement with additional access-list to the dmz interface.
* Add the dmz network to the access-lists that specify the vpn traffic (bound to crypto map) and to "split-tunnel".

Bye
Yizhar Hurwitz
 
Upvote 0 Downvote
-----------------------
Add configuration commands similar to those used for the inside network and vpn:
* Add a nat 0 statement with additional access-list to the dmz interface.
* Add the dmz network to the access-lists that specify the vpn traffic (bound to crypto map) and to "split-tunnel".
-----------------------

Yizhar,
Can you explain a little bit more in detail the steps to allow a VPN client to access the DMZ. I have beat myself to death over this. I'm having the problem of not being able to get to the DMZ from VPN. I'm using a PPTP connection with the standard Microsoft Client on XP.

Based on my settings:
Inside 192.168.3.0
DMZ 192.168.2.0
Outside (only temp for test lab) 192.168.1.0
VPN ip pool- 192.168.3.225-192.168.3.235

I get VPN'ed fine and can access all the Inside servers. However, I just can't get to the DMZ segment that has our webservers.
I've come to 2 conclusions:

1-my local machine doesn't know where to route when i request a DMZ address (requesting 192.168.2.0)
or
2-my access-list is screwed up somehow that's not letting vpn traffic over to the dmz.

If you want, I will post my config.
I appreciate any help you can give me.
Thanks,
Chris
 
Upvote 0 Downvote
HI Littlejohn2003

> I'm using a PPTP connection
Better switch to Cisco VPN client. It is more secure (dual authentication, client cannot save password, etc) and will also solve the above problem with split tunnel.

> Inside 192.168.3.0
> VPN ip pool- 192.168.3.225-192.168.3.235
The VPN ip pool should better be different, like:
192.168.55.X
This will require some modifications in your pix.

The remote PPTP client should enable the "use default gateway" option. It is enabled by default but you might have disabled it.

> If you want, I will post my config
It is best to post it in a new thread if needed.

Bye


Yizhar Hurwitz
 
Upvote 0 Downvote
Yizhar, thanks for the quick reply. However, I found your PIXcript tool and it worked like magic.

But yes, I did change my VPN IP pool to a different subnet. Thanks for your help. Now if I could just get that darn RADIUS working. :)
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Tommy_T
  • Locked
  • Question
Sonic wall - Have an issue remotely connectioning VNC and SMB (and AFP) to one of the 2 ISP circuits
Replies
1
Views
121
nnaarrnn
nnaarrnn
intel233
  • Locked
  • Question
Cisco ASA - VPN Question
Replies
6
Views
150
intel233
intel233
ISDPCMAN
  • Locked
  • Question
RDP fails over VPN
Replies
1
Views
73
gkittelson
gkittelson
Shmid
  • Locked
  • Question
Restricting Sonicwall SSL-VPN users for WAN access
Replies
7
Views
175
Shmid
Shmid
WhosYourDiffie
  • Locked
  • Question
Cisco ASA 5506 VPN for Avaya Phones
Replies
0
Views
53
WhosYourDiffie
WhosYourDiffie

Part and Inventory Search

Sponsor

Back
Top